@HackingLZ If defensive operators are informed of offensive activities, there is a zero percent chance the detections and responses are authentically representative.
@_rybaz @risk3sixty As much as I hate to use them, you've omitted a traditional vulnerability scanner from your list, and some assessments truly do warrant one. Although OpenVAS/GVM and nmap vulnerability scripts are free, they are woefully unfit to serve as core tooling for a paid assessment.
@HackingLZ Because if your project sponsor and the team that hired you are in the same business unit as the SOC, then you can't trust your trusted agent. Prepare to get "detected" shortly after your status updates.
#RedTeam n00b Tip: If you're on a Linux box and need to port scan without nmap, try netcat.
nc -zv 10.11.12.13 1-65535 2>&1 | grep succeeded
Or loop through a list of targets:
for target in $(cat targets.txt); do nc -zv "$target" 1-65535 2>&1 | grep succeeded; done